But we are required to use RACF in our shop. Thanks Scott
-----Original Message----- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Mauro Souza Sent: Tuesday, October 06, 2015 6:45 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: DIRM problem > I'm in the process of setting up DIRMAINT AND RACF to work together so > we can exploit SMAPI. If your goal is to exploit SMAPI, you don't need RACF. We use XCAT here, with SMAPI, without RACF, and works nicely. On Oct 6, 2015 03:23, "Alan Altmark" <alan_altm...@us.ibm.com> wrote: > On Monday, 10/05/2015 at 01:42 EDT, Bruce Hayden <bjhay...@gmail.com> > wrote: > > What do you have for all the configuration variables that start with > > PW_ > in > > your CONFIG99 DATADVH file? The expire days should be set by > > PW_INTERVAL_FOR_SET= according to the documentation. I'm guessing > > it is not the default value or at least greater than zero. > > > > But - you say you also have RACF. In that case, forget all of the > > PW_ settings because RACF is the one that will be managing the passwords. > You > > set the password change interval, etc. using the RAC SETROPTS (set > > RACF > > options) command. > > Nah. DIRMAINT still keeps track of when passwords were changed via > DIRMAINT. > > Tearing the problem apart... > DVHADD3212E Unexpected RC= 3376, from: EXEC DVHSTPWC ADD LXTEST2 > CONFIG > > This error is because there is a problem with the PW_INTERVAL_FOR_SET > statement. A DIRM ADD, CHNGID, or SETPW command (ADD, in this case) > attempted to set the password validity interval to a value that is > higher than the interval from the PW_INTERVAL_FOR_GEN statement (2nd > value). The default is 97 days. > > There is either a bug in the doc or a bug in the code. > PW_INTERVAL_FOR_GEN is documented to have to values on it: The first > value specifies the number of days a password is valid following one > of the commands that set the password for a general user, the second > value specifies the number of days a password is valid for a privileged user. > > The code doesn't do that. It assumes all users are general users as > far as PW_INTERVAL_FOR_SET is concerned. > > I would do a > DIRM CMS LISTFILE CONFIG* DATADVH * to see what configuration files > are available. Then I would look in all of them for a > PW_INTERVAL_FOR_SET statement. Not finding any, I would simply > restart DIRMAINT. If you comment out a statement, RLDDATA won't > always work since as far as it's concerned, nothing is overriding the > existing value. > > You can just put a null value on it. > PW_INTERVAL_FOR_SET= > > Alan Altmark > > Senior Managing z/VM and Linux Consultant Lab Services System z > Delivery Practice IBM Systems & Technology Group > ibm.com/systems/services/labservices > office: 607.429.3323 > mobile; 607.321.7556 > alan_altm...@us.ibm.com > IBM Endicott > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, send > email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ The information in this transmission may contain proprietary and non-public information of BB&T or its affiliates and may be subject to protection under the law. The message is intended for the sole use of the individual or entity to which it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited. If you received this message in error, please delete the material from your system without reading the content and notify the sender immediately of the inadvertent transmission.
